CA Encryption Key Manager Simplifies Compliance, Enables Ready Access to Protected Data

Unified automation of critical storage security helps reduce TCO, mitigates risk for multi-vendor storage environments

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

CA today released CA Encryption Key Manager, a z/OS-based comprehensive solution that unifies and automates the management, storage, distribution, and documentation of encryption keys for multi-vendor mainframe and distributed environments such as Linux, UNIX, Windows, and Solaris. CA EKM can reduce administrative overhead, support compliance best practices and corporate governance initiatives, and reduce the risk of downtime that can result from the inability to access encrypted data.

CA EKM automatically replicates encryption keys across a set of local and dispersed hosts via SSL-encrypted TCP/IP so that keys can quickly and transparently be recovered in case of a disaster, hardware errors, or a system outage. It also automatically enforces policies regarding the change of encryption keys and digital certificates, thereby mitigating the labor and risk associated with manual administration.

The vendor-neutral solution helps IT organizations avoid being locked into costly standalone hardware or software purchases that could introduce single points of failure or lack the flexibility to meet changing business needs. Because the solution can support both popular IBM tape encryption devices and CA Tape Encryption subsystems from the same interface, CA EKM can streamline customers’ approach.

IT organizations face new encryption key management issues as expanding compliance mandates and growing consumer concerns about privacy drive more rigorous protection of sensitive data. These issues include:

  • The time and effort required to manage keys
  • The accuracy with which keys must be distributed to authorized users
  • The need to ensure the availability of all keys under any conditions
  • The need to credibly document encryption measures to auditors

CA EKM helps customers address these issues and others by providing a single, centralized interface that can be used for any combination of IBM TS1120 and IBM TS1130 tape encryption devices, as well as CA Tape Encryption subsystems.

CA EKM also interfaces with z/OS external security systems such as IBM RACF, CA ACF2 for z/OS, and CA Top Secret for z/OS for the storage of public/private keys and digital certificates. Encryption keys and digital certificates from these sources can be automatically re-imported if they are not found, further accelerating the recovery of encrypted data in the event of a disruption.

CA EKM integrates with the CA Graphical Management Interface so users can respond quickly to internal or external auditing requests and validate compliance for events such as certificate generation, key migration, key store synchronization, and key deletion.

By reducing the effort and complexity associated with key management, CA EKM supports CA’s broader Mainframe 2.0 initiative. CA EKM can also be installed and configured with CA Mainframe Software Manager, a key Mainframe 2.0 solution.

CA EKM is designed in accordance with the key management guidance set forth in the National Institute of Standards and Technology document NIST 800-57. Technical specifications for CA EKM are available at
